On (01/12/05 14:02), H.S. wrote: > Amish Rughoonundon wrote: > > Hi, > > I was looking at my auth.log file and I saw a bunch of these things: > > Nov 28 16:22:41 localhost sshd[11363]: Illegal user nobody from 212.0.148.2 > > > > I was wondering if there is a way to filter the ip allowed to access the > > computer and allow only 1 ip (mine) to do so. Thanks a lot, > > Amish > > > > > To deal with such kind of attacks, I have: > > 1. Using iptables, limited the number of ssh login attemts' rate to 5 > per minute (it is my home machine and I do not have many users, so this > rate limitation does not affect me in any negative way). > > 2. Made sure users have strong passwords. > > 3. Limited who can log in via ssh by specifying the authorized uses in > sshd_config using a line similar to this: > AllowUsers tom dick harry > > and restarting sshd. This line disallows all users other than Tom, Dick > and Harry. > > So, even if you do not something like 1 above, the rest of the points > will keep you safe. Earlier I used to allow only certain IPs(my school > IPs) via iptables, but then I realized its limitation when I wanted to > login from my relatives computer in another city. > > So, these steps in conjunction with the other suggestions you have in > other posts will make quite nice layers of security for this situation.
Thanks, this is really useful :) Regards Clive -- www.clivemenzies.co.uk ... ...strategies for business -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
